/**
 * One-off mailing: sends the "member_subscribe_open" template to every user who
 * owns at least one completed item (user 1 and items 39, 41, 70 excluded), then
 * prints a "total / sent" summary with the ids of the users that were reached and exits.
 *
 * NOTE(review): U.password is selected and substituted into the mail body as-is, so
 * this only "works" if the column holds a recoverable password — a credential-exposure
 * risk (mail is plaintext in transit and at rest). Confirm what the column actually stores.
 */
function subscribe_finish()
{
    set_time_limit(0); // mailing loop may exceed the default execution limit
    $sentIds = array();
    $receivers = $this->db->select('SELECT I.user_id, U.user_id as id, U.login, U.password FROM ' . TABLE_ITEMS . ' I, ' . TABLE_USERS . ' U WHERE I.status = ' . ITEMS_STATUS_COMPLETED . ' AND I.user_id!=1 AND I.user_id = U.user_id AND I.id NOT IN( 39, 41, 70 ) GROUP BY I.user_id ORDER BY U.login ASC');

    // Mailer setup: sender comes from the site-wide "no-reply" setting
    $mail = new CMail();
    $mail->From = config::get('mail_noreply', BFF_EMAIL_NOREPLY);
    $mail->FromName = 'ILove.zp.ua';
    $mail->Subject = 'ILove.zp.ua - итоги акции!';
    $body = nl2br($this->getMailTemplateContent('member_subscribe_open'));

    foreach ($receivers as $receiver) {
        // the login is used as the recipient address; skip rows that are not an email
        if (!func::IsEmailAddress($receiver['login'])) {
            continue;
        }
        $mail->AltBody = '';
        $mail->MsgHTML(strtr($body, array('{login}' => $receiver['login'], '{password}' => $receiver['password'])));
        $mail->AddAddress($receiver['login']);
        if ($mail->Send()) {
            $sentIds[] = $receiver['id'];
        }
        $mail->ClearAddresses();
        usleep(150000); // throttle: 0.15 s between messages
    }

    echo count($receivers), ' / ', count($sentIds), '<br/>';
    echo '<pre>', print_r($sentIds, true), '</pre>';
    exit;
}
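/**
 * Item (ad) page controller.
 *
 * AJAX mode (bff::$isAjax), dispatched on GET 'act':
 *   - 'comment'     : adds a comment to an item; guests must pass a name and the
 *                     session captcha ('c2'); queues an e-mail notification for the
 *                     item owner (registered owner -> account e-mail, guest-posted
 *                     item -> contacts_email) unless the commenter is the owner.
 *   - 'comment_del' : soft-deletes a comment — by its author (deleted = 3) or by the
 *                     item owner (deleted = 1).
 *   The response is sent with ajaxResponse() and carries 'res' = errors->no().
 *
 * Page mode: loads the item with its category/type data and dynamic properties,
 * refuses blocked / unpublished items and items of blocked users, renders the print
 * view when ?print= is set, otherwise counts the view (unless the viewer is the owner
 * or holds an edit pass) and renders 'item.view.php'.
 *
 * Fixes vs. the previous revision:
 *   - the item-owner branch of 'comment_del' now binds the comment to the item that
 *     ownership was checked for (previously any comment id could be marked deleted
 *     once the caller owned *some* item);
 *   - the main SELECT no longer contains a "-- " SQL comment: on a single-line query it
 *     also commented out "AND I.cat_id = C.id", leaving the category join unconstrained.
 *     The status check is done in PHP below so that a specific message can be shown.
 *
 * @return string|mixed rendered template (or whatever showForbidden() returns)
 */
function view()
{
    $nUserID = $this->security->getUserID();
    if (bff::$isAjax) {
        $aResponse = array();
        switch (func::GET('act')) {
            case 'comment':
                // id/reply are TYPE_UINT, so they are safe to embed in SQL as integers
                $p = $this->input->postm(array('id' => TYPE_UINT, 'reply' => TYPE_UINT, 'message' => TYPE_STR, 'name' => TYPE_NOHTML, 'captcha' => TYPE_STR));
                if (!$p['id']) {
                    $this->errors->set(Errors::IMPOSSIBLE);
                    break;
                }
                $p['name'] = func::cleanComment($p['name']);
                $p['message'] = func::cleanComment($p['message']);
                if (empty($p['message'])) {
                    $this->errors->set('comm_message');
                }
                if (!$nUserID) {
                    // guests must provide a display name and solve the captcha stored in the session
                    if (empty($p['name'])) {
                        $this->errors->set('comm_name');
                    }
                    $oProtection = new CCaptchaProtection();
                    if (!$oProtection->valid(isset($_SESSION['c2']) ? $_SESSION['c2'] : '', $p['captcha'])) {
                        $aResponse['captcha_wrong'] = 1;
                        $this->errors->set('comm_wrong_captcha');
                    }
                }
                if ($this->errors->no()) {
                    unset($_SESSION['c2']); // captcha is single-use
                    // NOTE(review): 'reply' (parent comment id) is not checked to belong to this item — confirm whether that matters
                    $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_COMMENTS . ' (pid, item_id, user_id, comment, name, ip, created) VALUES(' . $p['reply'] . ', ' . $p['id'] . ', ' . $nUserID . ', :comment, :name, :ip, :created)', array(':comment' => $p['message'], ':name' => $p['name'], ':ip' => func::getRemoteAddress(), ':created' => $this->db->getNOW(false)));
                    if ($nCommentID = $this->db->insert_id(TABLE_BBS_ITEMS_COMMENTS, 'id')) {
                        // re-read the comment joined with the item to render it and decide who to notify
                        $aData = $this->db->one_array('SELECT IC.*, ( CASE WHEN IC.user_id != 0 THEN U.name ELSE IC.name END) as name, I.user_id as owner_id, I.contacts_email, U.blocked as user_blocked FROM ' . TABLE_BBS_ITEMS_COMMENTS . ' IC LEFT JOIN ' . TABLE_USERS . ' U ON IC.user_id = U.user_id, ' . TABLE_BBS_ITEMS . ' I WHERE IC.id=' . $nCommentID . ' AND IC.item_id = I.id');
                        $aData['my'] = $aData['owner_id'] > 0 && $aData['owner_id'] == $nUserID;
                        $aData['cur_user_id'] = $nUserID;
                        $aResponse['comment'] = $this->tplFetchPHP($aData, 'item.view.comment.php');
                        $sEnotifyEmail = false;
                        if ($aData['owner_id']) {
                            if (!$nUserID || $nUserID > 0 && $aData['owner_id'] != $nUserID) {
                                // commenter is a guest or is not the item owner:
                                // registered owners are notified at their account e-mail
                                $sEnotifyEmail = $this->db->one_data('SELECT email FROM ' . TABLE_USERS . ' WHERE user_id = ' . $aData['owner_id']);
                            }
                        } else {
                            // guest-posted item: notify the contact e-mail given with the item
                            $sEnotifyEmail = $aData['contacts_email'];
                            if ($this->isEditPassGranted($p['id'])) {
                                $sEnotifyEmail = false; // commenter holds the edit pass => treated as the owner
                            }
                        }
                        if (!empty($sEnotifyEmail) && func::IsEmailAddress($sEnotifyEmail)) {
                            // queue the "new comment" notification
                            $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_COMMENTS_ENOTIFY . ' (item_id, comment_id, comment, email, created) VALUES(' . $p['id'] . ', ' . $nCommentID . ', :comment, :email, ' . time() . ')', array(':comment' => nl2br(tpl::truncate($p['message'], 100, '...', true)), ':email' => $sEnotifyEmail));
                        }
                    }
                }
                break;
            case 'comment_del':
                $p = $this->input->postm(array('id' => TYPE_UINT, 'comment_id' => TYPE_UINT));
                if (!$p['id'] || !$p['comment_id']) {
                    $this->errors->set(Errors::IMPOSSIBLE);
                    break;
                }
                if (!$nUserID) {
                    $this->errors->set(Errors::ACCESSDENIED);
                    break;
                }
                $isCommentOwner = $this->db->one_data('SELECT user_id FROM ' . TABLE_BBS_ITEMS_COMMENTS . ' WHERE id = ' . $p['comment_id'] . ' AND user_id = ' . $nUserID);
                if ($isCommentOwner) {
                    // author removes their own comment
                    $res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS_COMMENTS . ' SET deleted = 3 WHERE id = ' . $p['comment_id']);
                    $aResponse['success'] = !empty($res);
                    $aResponse['by'] = 3;
                } else {
                    // item owner removes a comment on their item; the UPDATE is bound to
                    // the same item id so ownership of one item does not reach other items' comments
                    $isOwner = $this->db->one_data('SELECT id FROM ' . TABLE_BBS_ITEMS . ' WHERE id = ' . $p['id'] . ' AND user_id = ' . $nUserID);
                    if (empty($isOwner)) {
                        $this->errors->set(Errors::ACCESSDENIED);
                        break;
                    }
                    $res = $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS_COMMENTS . ' SET deleted = 1 WHERE id = ' . $p['comment_id'] . ' AND item_id = ' . $p['id']);
                    $aResponse['success'] = !empty($res);
                    $aResponse['by'] = 1;
                }
                break;
        }
        $aResponse['res'] = $this->errors->no();
        $this->ajaxResponse($aResponse);
    }

    $nItemID = $this->input->id('id');
    if (!$nItemID) {
        func::JSRedirect('/'); // assumed to terminate the request — confirm
    }
    $sqlDate = $this->db->str2sql(date('Y-m-d'));
    $dp = $this->initDynprops();
    // Item row + category/type titles + today's view counter + owner block state + dynamic-property columns f<N>.
    // No status filter here on purpose: the checks below need the status to choose the message.
    $aData = $this->db->one_array('SELECT I.id, I.user_id, I.status, I.press, I.svc, (I.svc = ' . Services::typePremium . ') as premium, I.publicated, I.publicated_to, I.blocked_reason, I.cat_id, C.regions as cat_regions, C.prices as cat_prices, C.prices_sett as cat_prices_sett, I.cat_type, CT.title as cat_type_title, I.cat_subtype, CST.title as cat_subtype_title, I.views_total, IV.views as views_today, I.img, I.imgfav, I.imgcnt, I.title, I.descr, I.descr_regions, I.info, I.price, I.price_torg, I.price_bart, I.video, I.contacts_name, I.contacts_email, I.contacts_phone, I.contacts_skype, I.contacts_site, I.mkeywords, I.mdescription, U.email2 as contacts_email2, U.blocked as user_blocked, U.blocked_reason as user_blocked_reason, I.f' . join(', I.f', range($dp->datafield_int_first, $dp->datafield_text_last)) . ' FROM ' . TABLE_BBS_ITEMS . ' I LEFT JOIN ' . TABLE_BBS_CATEGORIES_TYPES . ' CT ON I.cat_type = CT.id LEFT JOIN ' . TABLE_BBS_CATEGORIES_SUBTYPES . ' CST ON I.cat_subtype = CST.id LEFT JOIN ' . TABLE_BBS_ITEMS_VIEWS . ' IV ON I.id = IV.item_id AND IV.views_date = ' . $sqlDate . ' LEFT JOIN ' . TABLE_USERS . ' U ON I.user_id = U.user_id, ' . TABLE_BBS_CATEGORIES . ' C WHERE I.id = ' . $nItemID . ' AND I.cat_id = C.id ');
    if (empty($aData)) {
        func::JSRedirect('/'); // assumed to terminate the request — confirm
    } else {
        // unpublished items are hidden from everyone, including the owner
        if ($aData['status'] != BBS_STATUS_PUBLICATED) {
            if ($aData['status'] == BBS_STATUS_BLOCKED) {
                // blocked_reason is admin-entered and rendered without escaping — confirm it is trusted input
                return $this->showForbidden('Данное объявление отклонено.' . (!empty($aData['blocked_reason']) ? ' <br/><br/><b>Причина: </b>' . nl2br($aData['blocked_reason']) : ''), 'Объявление отклонено');
            }
            return $this->showForbidden('Данное объявление находится на модерации');
        }
    }
    if ($aData['user_blocked']) {
        return $this->showForbidden('Аккаунт пользователя заблокирован.' . (!empty($aData['user_blocked_reason']) ? ' <br/><b>Причина:</b><i>' . nl2br($aData['user_blocked_reason']) . '</i>' : ''), 'Аккаунт пользователя заблокирован');
    }
    // dynamic properties of the item's category, rendered in view mode
    $aDynprops = $dp->form($aData['cat_id'], $aData, true, array(), 'dp', 'dynprops.form.view.php', $this->module_dir_tpl);
    $aData['dp'] = $aDynprops['form'];
    unset($aDynprops);

    if (!empty($_GET['print'])) {
        // print view: category + its ancestors only
        $aData['cat'] = $this->db->one_array('SELECT id, pid, title, items, numlevel, numleft, numright, regions, prices, prices_sett FROM ' . TABLE_BBS_CATEGORIES . ' WHERE id=' . $aData['cat_id'] . ' LIMIT 1');
        $aData['cats'] = $this->db->select('SELECT id, title FROM ' . TABLE_BBS_CATEGORIES . ' WHERE ((numleft < ' . $aData['cat']['numleft'] . ' AND numright > ' . $aData['cat']['numright'] . ') OR id = ' . $aData['cat']['id'] . ') AND numlevel>0 ORDER BY numleft');
        echo $this->tplFetchPHP($aData, 'item.view.print.php');
        exit;
    }

    // category, its ancestor chain (nested-set numleft/numright) and the sidebar tree
    $aData['cat'] = $this->db->one_array('SELECT id, pid, title, items, numlevel, numleft, numright, regions, prices, prices_sett FROM ' . TABLE_BBS_CATEGORIES . ' WHERE id=' . $aData['cat_id'] . ' LIMIT 1');
    $aParentCatsID = $this->db->select_one_column('SELECT id FROM ' . TABLE_BBS_CATEGORIES . ' WHERE ((numleft < ' . $aData['cat']['numleft'] . ' AND numright > ' . $aData['cat']['numright'] . ') OR id = ' . $aData['cat']['id'] . ') AND numlevel>0 ORDER BY numleft');
    $aData['cats'] = $this->db->select('SELECT id, pid, title FROM ' . TABLE_BBS_CATEGORIES . ' WHERE enabled = 1 AND (numlevel = 1 ' . (!empty($aParentCatsID) ? ' OR pid IN (' . join(',', $aParentCatsID) . ') OR id IN (' . join(',', $aParentCatsID) . ')' : '') . ') ORDER BY numleft');
    $aData['cats'] = $this->db->transformRowsToTree($aData['cats'], 'id', 'pid', 'sub');
    $aData['cats_active'] = $aParentCatsID;
    $aData['comments'] = $this->getItemComments($nItemID);

    // 'my' is set as a side effect of this condition; owners and edit-pass holders do not count as views
    if (!(($aData['my'] = $aData['user_id'] != 0 && $aData['user_id'] == $nUserID) || $this->isEditPassGranted($nItemID))) {
        $this->db->execute('UPDATE ' . TABLE_BBS_ITEMS . ' SET views_total = views_total + 1 WHERE id = ' . $nItemID);
        $this->db->execute('INSERT INTO ' . TABLE_BBS_ITEMS_VIEWS . ' (item_id, views, views_date) VALUES(' . $nItemID . ', 1, ' . $sqlDate . ') ON DUPLICATE KEY UPDATE views = views + 1');
    }
    config::set(array('mkeywords' => $aData['mkeywords'], 'mdescription' => $aData['mdescription'], 'bbsCurrentCategory' => $aData['cat_id']));
    $aData['from_search'] = isset($_SERVER['HTTP_REFERER']) && stripos($_SERVER['HTTP_REFERER'], '/search') !== FALSE;
    return $this->tplFetchPHP($aData, 'item.view.php');
}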
/**
 * Admin panel: edit a user record (profile fields, password, groups, categories).
 *
 * Access: requires the 'users-edit' permission and a valid TUID token for the record.
 * On POST, validates the e-mail (format + uniqueness), optionally re-hashes the password,
 * saves the profile, refreshes the avatar, re-assigns groups, recomputes the 'admin'
 * flag and redirects to the listing. Otherwise (or on validation errors) renders
 * 'admin.mod.form.tpl'.
 *
 * NOTE(review): the submitted 'group_id' list is passed to assignUser2Groups() without
 * checking that the editor may grant those groups (the form merely hides the superadmin
 * option for non-superadmins) — confirm assignUser2Groups() enforces that server-side.
 * NOTE(review): passwords are stored via getUserPasswordMD5(); an MD5-based scheme is not
 * a suitable password hash — consider password_hash() when the scheme is next touched.
 *
 * @return string rendered form (or showAccessDenied() result)
 */
function mod_edit()
{
    if (!$this->haveAccessTo('users-edit')) {
        return $this->showAccessDenied();
    }
    if (!($nRecordID = $this->input->id())) {
        $this->adminRedirect(Errors::IMPOSSIBLE, 'listing'); // assumed to terminate the request — confirm
    }
    $sTUID = func::GET('tuid');
    if (!$this->checkTUID($sTUID, $nRecordID)) {
        return $this->showAccessDenied();
    }
    $aData = array('admin' => 0);
    # analyze the groups the user currently belongs to
    $bUserSuperadmin = 0;
    $aUserGroups = $this->getUserGroups($nRecordID);
    foreach ($aUserGroups as $v) {
        if ($v['group_id'] == self::GROUPID_SUPERADMIN) {
            $bUserSuperadmin = 1;
        }
        if ($v['adminpanel'] == 1) {
            $aData['admin'] = 1;
        }
    }
    if (bff::$isPost) {
        // postm() fills $aData with the typed POST fields (second argument is the target array)
        $this->input->postm(array('name' => TYPE_STR, 'email' => TYPE_STR, 'changepass' => TYPE_BOOL, 'password' => TYPE_STR, 'balance' => TYPE_NUM, 'skype' => TYPE_STR, 'email2' => TYPE_STR, 'phone' => TYPE_STR, 'group_id' => TYPE_ARRAY_INT, 'cat' => TYPE_ARRAY_UINT), $aData);
        if (!$aData['admin']) {
            // drop settings that only apply to administrators
            unset($aData['im_noreply']);
        }
        if (empty($aData['email'])) {
            $this->errors->set('empty:email');
        } elseif (!func::IsEmailAddress($aData['email'])) {
            $this->errors->set('wrong:email');
        }
        if ($aData['changepass']) {
            if (empty($aData['password'])) {
                $this->errors->set('empty:password');
            } else {
                $aData['password'] = $this->security->getUserPasswordMD5($aData['password']);
            }
        } else {
            unset($aData['password']); // keep the stored password
        }
        $aGroupID = $aData['group_id'];
        $aData['email_hash'] = func::getEmailHash($aData['email']);
        if ($this->isEmailExists($aData['email_hash'], $nRecordID)) {
            $this->errors->set('email_exist');
        }
        if ($this->errors->no()) {
            # update user data
            unset($aData['changepass'], $aData['group_id']);
            $aData['member'] = in_array(self::GROUPID_MEMBER, $aGroupID) ? 1 : 0;
            $aData['cat'] = join(',', $aData['cat']);
            $this->userUpdate($nRecordID, $aData);
            $avatar = new CAvatar(TABLE_USERS, USERS_AVATAR_PATH, 'avatar', 'user_id');
            $avatar->update($nRecordID, true, true);
            # set user groups — a superadmin keeps that group even if it was not submitted
            if ($bUserSuperadmin && !in_array(self::GROUPID_SUPERADMIN, $aGroupID)) {
                $aGroupID = array_merge($aGroupID, array(self::GROUPID_SUPERADMIN));
            }
            $this->assignUser2Groups($nRecordID, $aGroupID);
            # recompute whether the user is an administrator
            $bIsAdmin = 0;
            if ($this->errors->no()) {
                if ($bUserSuperadmin || in_array(self::GROUPID_MODERATOR, $aGroupID)) {
                    $bIsAdmin = 1;
                } elseif (count($aGroupID) == 1 && current($aGroupID) == self::GROUPID_MEMBER) {
                    $bIsAdmin = 0;
                } else {
                    // any other group with admin-panel access makes the user an admin
                    $aUserGroups = $this->getUserGroups($nRecordID);
                    foreach ($aUserGroups as $v) {
                        if ($v['adminpanel'] == 1) {
                            $bIsAdmin = 1;
                            break;
                        }
                    }
                }
                if ($aData['admin'] != $bIsAdmin) {
                    // losing admin status also clears the admin-only im_noreply flag
                    $sQuery = ', im_noreply = 0';
                    $this->db->execute('UPDATE ' . TABLE_USERS . ' SET admin=' . $bIsAdmin . (!$bIsAdmin ? $sQuery : '') . ' WHERE user_id=' . $nRecordID);
                }
            }
            # the user edited their own settings: force the session to be refreshed
            if ($this->security->isCurrentUser($nRecordID)) {
                $this->security->expire();
            }
            $this->adminRedirect(Errors::SUCCESSFULL, (!func::GET('members') ? 'admin_' : '') . 'listing');
        }
        $aActiveGroupsID = $aGroupID;
    } else {
        $aActiveGroupsID = array();
        for ($j = 0; $j < count($aUserGroups); $j++) {
            $aActiveGroupsID[] = $aUserGroups[$j]['group_id'];
        }
    }
    // stored record (+ city/region titles), overlaid with the submitted values, HTML-escaped for the form
    $aUserInfo = $this->db->one_array('SELECT U.*, C.title as city, R.region_id, R.title as region FROM ' . TABLE_USERS . ' U LEFT JOIN ' . TABLE_CITY . ' C ON U.city_id=C.city_id LEFT JOIN ' . TABLE_REGION . ' R ON C.region_id=R.region_id WHERE U.user_id=' . $nRecordID . ' LIMIT 1');
    $aData = func::array_2_htmlspecialchars(array_merge($aUserInfo, $aData), null, true);
    $aData['social_link'] = '';
    if ($aData['social']) {
        switch ($aData['social']) {
            case 'vk':
                $aData['social_link'] = 'http://vkontakte.ru/id' . $aData['vk_id'];
        }
    }
    // assign groups: build <option> lists for the "available" and "active" selects
    $exists_options = $active_options = '';
    $aGroupsExlude = array(USERS_GROUPS_MEMBER);
    if (!$bUserSuperadmin) {
        $aGroupsExlude[] = USERS_GROUPS_SUPERADMIN;
    }
    $aGroups = $this->getGroups($aGroupsExlude);
    for ($i = 0; $i < count($aGroups); $i++) {
        if (in_array($aGroups[$i]['group_id'], $aActiveGroupsID)) {
            $active_options .= '<option value="' . $aGroups[$i]['group_id'] . '" style="color:' . $aGroups[$i]['color'] . ';">' . $aGroups[$i]['title'] . '</option>';
        } else {
            $exists_options .= '<option value="' . $aGroups[$i]['group_id'] . '" style="color:' . $aGroups[$i]['color'] . ';">' . $aGroups[$i]['title'] . '</option>';
        }
    }
    $this->tplAssignByRef('exists_options', $exists_options);
    $this->tplAssignByRef('active_options', $active_options);
    $aData['cat'] = explode(',', $aData['cat']);
    $this->tplAssign('aCategories', $this->getBBSCategories($aData['cat']));
    $aData['superadmin'] = $bUserSuperadmin;
    $aData['tuid'] = $sTUID;
    $aData['edit'] = true;
    $this->tplAssignByRef('aData', $aData);
    return $this->tplFetch('admin.mod.form.tpl');
}
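/**
 * Admin panel: edit a newsletter subscriber (name + e-mail).
 *
 * Access: requires the 'subscribers-edit' permission; the record id comes from
 * POST/GET 'rec'. On POST the name must be non-empty and the e-mail must be well-formed
 * and — when it differs from the stored one — not already subscribed. On success the row
 * is updated and the request is redirected to the subscriber listing; otherwise the
 * form 'admin.subscriber.form.tpl' is rendered with the submitted values.
 *
 * Fix vs. the previous revision: the stored e-mail was overwritten with the submitted one
 * *before* the "changed and already taken" comparison, so that check could never fire.
 *
 * @return string rendered form (or showAccessDenied() result)
 */
function subscriber_edit()
{
    if (!$this->haveAccessTo('subscribers-edit')) {
        return $this->showAccessDenied();
    }
    $nRecordID = func::POSTGET('rec', false, true);
    if (!$nRecordID) {
        $this->adminRedirect(Errors::IMPOSSIBLE, 'subscriber_listing'); // assumed to terminate the request — confirm
    }
    $aData = $this->db->one_array('SELECT * FROM ' . DB_PREFIX . 'subscribers WHERE id=' . $nRecordID . ' LIMIT 1');
    if (!$aData) {
        $this->adminRedirect(Errors::IMPOSSIBLE, 'subscriber_listing');
    }
    if (func::isPostMethod()) {
        // remember the stored address before the form values overwrite it, so the
        // duplicate check can distinguish "unchanged" from "changed to a taken address"
        $sOldEmail = $aData['email'];
        $sName = $aData['name'] = func::POST('name');
        $sEmail = $aData['email'] = func::POST('email');
        if (!$sName) {
            $this->errors->set('no_subscriber_name');
        }
        if (!$sEmail) {
            $this->errors->set('no_subscriber_email');
        } elseif (!func::IsEmailAddress($sEmail)) {
            $this->errors->set('subscriber_wrong_email');
        } elseif ($sOldEmail != $sEmail && $this->isSubscribed($sEmail)) {
            $this->errors->set('subscriber_email_exists');
        }
        if ($this->errors->no()) {
            // values are quoted through str2sql(); create_datetime is reset on every edit (existing behaviour)
            $this->db->execute('UPDATE ' . DB_PREFIX . 'subscribers SET name=' . $this->db->str2sql($sName) . ', email=' . $this->db->str2sql($sEmail) . ', create_datetime=' . $this->db->getNOW() . ' WHERE id=' . $nRecordID);
            $this->adminRedirect(Errors::SUCCESSFULL, 'subscriber_listing');
        }
    }
    $this->tplAssign('rec', $nRecordID);
    $this->tplAssign('aData', $aData);
    return $this->tplFetch('admin.subscriber.form.tpl');
}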
/**
 * Public AJAX endpoint for the member module, dispatched on 'act' (GET or POST):
 *   - 'subscribe' : creates a subscribed member account from name + e-mail (the e-mail
 *                   becomes the login) and queues the welcome mail; responds with an
 *                   integer result code (0 = bad e-mail, 1 = ok, 4 = system error; the
 *                   codes produced by the garbled section below cannot be read here).
 *   - 'enter'     : registration (reg = 1) or login. Registration creates an inactive
 *                   account, mails the activation link and answers 'reg-ok'; login
 *                   answers 'login-ok' with the rendered user menu, or sets an error.
 * Any path that does not answer explicitly falls through to ajaxResponse(null).
 *
 * NOTE(review): the registration mail template receives the cleartext password
 * ('password' => $aData['pass']); sending credentials by e-mail is a disclosure risk.
 * NOTE(review): the only password-strength rule is strlen() >= 3 — confirm this is intended.
 *
 * @return void responses are emitted via ajaxResponse() (assumed to terminate — confirm)
 */
function ajax()
{
    if (bff::$isAjax) {
        switch (func::GETPOST('act')) {
            case 'subscribe':
                /*
                 * On subscription:
                 * - the e-mail is used as the login from then on
                 * - the password is generated automatically
                 */
                $sName = $this->input->post('name', TYPE_NOHTML);
                $sEmail = mb_strtolower($this->input->post('email', TYPE_NOHTML));
                $response = '';
                do { // do/while(false) so each validation step can `break` out
                    if (empty($sEmail) || !func::IsEmailAddress($sEmail)) {
                        $response = 0;
                        break; // malformed e-mail
                    }
                    // NOTE(review): the following statement is garbled/redacted in this copy — the
                    // duplicate-login check and the generation of $sPassword are missing; restore from the original source.
                    $isSubscribed = $this->db->one_data('SELECT user_id FROM ' . TABLE_USERS . ' WHERE login='******'email' - для рассылки, 'login' - для авторизации $nUserID = $this->userCreate(array('login' => $sEmail, 'email' => $sEmail, 'password' => $sPassword, 'name' => $sName, 'subscribed' => 1, 'ip_reg' => func::getRemoteAddress(true)), self::GROUPID_MEMBER);
                    if ($nUserID) {
                        $response = 1; // subscribed successfully
                        # send the welcome mail (queued for the mailer)
                        CMail::SendQueue('subscribe', array('user_id' => $nUserID));
                    } else {
                        $response = 4; // system error
                    }
                } while (false);
                $this->ajaxResponse(array('result' => $response));
                break;
            case 'enter':
                if ($this->security->isLogined()) {
                    $this->ajaxResponse(array('result' => 'login-ok'));
                }
                $aData = $this->input->postm(array('email' => TYPE_STR, 'pass' => TYPE_STR, 'reg' => TYPE_BOOL));
                if (!func::IsEmailAddress($aData['email'])) {
                    $this->errors->set('wrong:email');
                    break; // malformed e-mail
                }
                if ($this->security->checkBan(false, func::getRemoteAddress(), $aData['email'], true)) {
                    $this->errors->set(Errors::ACCESSDENIED);
                    break; // rejected by the ban filter (IP / e-mail)
                }
                if ($aData['reg']) {
                    // registration
                    if (empty($aData['pass']) || strlen($aData['pass']) < 3) {
                        $this->errors->set('password_short');
                        break; // password too short
                    }
                    $aData['email_hash'] = func::getEmailHash($aData['email']);
                    if ($this->isEmailExists($aData['email_hash'])) {
                        $this->errors->set('email_exist');
                        break; // e-mail already taken
                    }
                    // activation code + link are filled in by reference — presumably; confirm against getActivationInfo()
                    $this->getActivationInfo($sCode, $sLink);
                    $nUserID = $this->userCreate(array('login' => $aData['email'], 'email' => $aData['email'], 'email_hash' => $aData['email_hash'], 'password' => $aData['pass'], 'ip_reg' => Func::getRemoteAddress(true), 'activatekey' => $sCode, 'activated' => 0), self::GROUPID_MEMBER);
                    if ($nUserID) {
                        $res = bff::sendMailTemplate(array('password' => $aData['pass'], 'email' => $aData['email'], 'activate_link' => "<a href=\"{$sLink}\">{$sLink}</a>"), 'member_registration', $aData['email']);
                        $this->ajaxResponse(array('result' => 'reg-ok'));
                    } else {
                        $this->ajaxResponse(Errors::IMPOSSIBLE);
                    }
                } else {
                    // login
                    $nResult = $this->userAUTH($aData['email'], $aData['pass'], null, true);
                    if ($nResult == 1) {
                        bff::i()->Bbs_getFavorites(true);
                        // reload the page after login when coming from an item or the favourites list
                        $bReload = false;
                        if (!empty($_SERVER['HTTP_REFERER'])) {
                            if (stripos($_SERVER['HTTP_REFERER'], '/item/') !== FALSE || stripos($_SERVER['HTTP_REFERER'], '/items/fav') !== FALSE) {
                                $bReload = true;
                            }
                        }
                        $userMenu = $this->tplFetch('user.menu.tpl');
                        $this->ajaxResponse(array('result' => 'login-ok', 'usermenu' => $userMenu, 'reload' => $bReload));
                    } else {
                        // map userAUTH() failure codes to error keys; an array result carries a block reason
                        $mResponse = null;
                        switch ($nResult) {
                            case 0:
                                $this->errors->set('email_or_pass_incorrect');
                                break;
                            case -3:
                                $this->errors->set('activate_first');
                                break; // account not activated yet
                            case -2:
                                $this->errors->set(Errors::ACCESSDENIED);
                                break; // account deleted
                        }
                        if (is_array($nResult)) {
                            if ($nResult['res'] == -1) {
                                // blocked account; 'reason' is rendered without escaping — confirm it is trusted (admin-entered) text
                                $this->errors->set('Аккаунт заблокирован.' . (!empty($nResult['reason']) ? ' <br/><b>Причина:</b>' . nl2br($nResult['reason']) : ''));
                            }
                        }
                    }
                }
                break;
        }
    }
    $this->ajaxResponse(null);
}